javax.net.ssl.trustStorePassword with encrypted password?

Stefan Renemeister

Greenhorn

Posts: 13

posted 4 years ago

I've set a truststore and it's password as a system property for my (IBM) JVM. Yes, WebSphere indeed. Unfortunately, I haven't seen ways of setting my password encrypted. As all system props, their definition (and values!) show when dumping process output, exposing my password in plain text.
I don't like that. I'm sure I'm not the only one. Can anyone enlighten me how I can set my password encrypted?

You need to store it in secure place and retrieve / Write some encryption/decryption algorithm to store and retrieve..

Stefan Renemeister

Greenhorn

Posts: 13

posted 4 years ago

I know, but unfortunately that's not possible right now (requires application modification, which is in the current phase of the project not applicable).
I really look for a way to avoid displaying the truststore password in plain text. Anyone?

I think I must be missing something. Assuming that one could encrypt the password then for it to be usable within the program the encryption key would need to be available to your program to decrypt the password so to be secure the encryption key would itself need to be encrypted! Of course this recursive encryption requirement extends to infinity.